[SECURITY PATCH] nfsd

G. Allen Morris III (gam3@dharma.sehda.com)
Mon, 26 Oct 1998 12:00:26 -0800


There is a security problem with the kernel nfsd code.

The nfsd kernel code calls permission() with both CAP_DAC_OVERRIDE and
CAP_DAC_READ_SEARCH set. This allows the access of files in a directory
with permissions 000 even w/ root_squash set.

Here is a patch to fix this problem.

diff -u -r1.1 auth.c
--- linux/fs/nfsd/auth.c 1998/10/16 19:08:05 1.1
+++ linux/fs/nfsd/auth.c 1998/10/26 00:24:23
@@ -43,5 +43,14 @@
current->fsgid = exp->ex_anon_gid;
for (i = 0; i < NGROUPS; i++)
current->groups[i] = cred->cr_groups[i];
+ /* FIXME: hack to make make 000 mode directories unreadable */
+ if ((cred->cr_uid)) {
+ cap_lower(current->cap_effective, CAP_DAC_OVERRIDE);
+ cap_lower(current->cap_effective, CAP_DAC_READ_SEARCH);
+ } else {
+ cap_raise(current->cap_effective, CAP_DAC_OVERRIDE);
+ cap_raise(current->cap_effective, CAP_DAC_READ_SEARCH);
+ }
+
rqstp->rq_userset = 1;
}
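Review bot: the new branch keys on cred->cr_uid (the uid as sent in the request) rather than on the identity this function is actually installing (current->fsuid/fsgid, which the surrounding context lines set from the export's anonymous ids), so a uid-0 request that has just been squashed to the anonymous user still takes the cap_raise path and keeps CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH, which is exactly the root_squash case the cover note says this should close. Testing `if (current->fsuid)` instead would lower the capabilities for every non-root effective identity, squashed root included. Minor: `if ((cred->cr_uid))` has a redundant pair of parentheses, and the FIXME comment repeats "make make".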

---------------------------------
G. Allen Morris III
